Posts

Showing posts from August, 2025

New Attack Vector: ADFS and Office.com Exploited for Microsoft 365 Credential Theft

A new phishing campaign is making waves in the cybersecurity community, targeting Microsoft 365 users by exploiting Microsoft’s own Active Directory Federation Services (ADFS). What makes this attack particularly dangerous is that it uses legitimate office.com links as part of the lure, giving victims a false sense of security before redirecting them to malicious login pages.

How the Attack Works

Researchers at Push Security uncovered this campaign, noting that it represents a major evolution in phishing techniques. Instead of relying on suspicious emails or obvious fake websites, the attackers are leveraging malvertising—malicious ads placed on search engines. For example, a user searching for “Office 365” may see a sponsored link that looks completely legitimate. Clicking it takes them to a genuine outlook.office.com URL. However, that URL is carefully crafted to trigger a redirect controlled by the attackers. The key lies in abusing ADFS, which normally provides single sign-...

Real Enough to Fool You: The Evolution of Deepfakes

Not long ago, deepfakes were digital curiosities – convincing to some, glitchy to most, and often more meme than menace. Fast forward to 2025, and they’ve become fully weaponized, commercially available, and dangerously scalable. What began as clever video edits has become a self-operating engine for social engineering, fraud, and identity theft. According to Check Point Research’s AI Security Report 2025, we’ve reached a pivotal moment: deepfake technology now spans from basic offline generation to fully autonomous, real-time impersonation engines, capable of deceiving even seasoned professionals.

Deepfakes by the Numbers: Where We Stand

Over $35 million in fraud losses have been attributed to deepfake video scams in just two high-profile cases in the UK and Canada.

AI-driven voice deepfakes are now used regularly in sextortion, CEO impersonation, and hostage scams—one case in Italy saw criminals impersonate the Minister of Defense in a live call to extort high-pro...